Commit graph

3401 commits

Author SHA1 Message Date
vishalnayak 1df5c4d0ce Use AcceptanceTest bool in Test() function 2016-04-05 16:48:11 -04:00
Jeff Mitchell 732efc3cae Merge pull request #1296 from hashicorp/vault-acc
s/TF_ACC/VAULT_ACC
2016-04-05 15:47:26 -04:00
Sean Chittenden a8943aeaa2 Add a changelog entry for BSD mlock support 2016-04-05 12:35:28 -07:00
Sean Chittenden 47c3202811 Unconditionally warn on systems w/o mlock support
If someone begins using Vault on Windows in dev mode, always hint so that this isn't a surprise when they get to production.
2016-04-05 12:32:53 -07:00
vishalnayak fd8b023655 s/TF_ACC/VAULT_ACC 2016-04-05 15:24:59 -04:00
Sean Chittenden 308057a4a9 Switch Linux over to using the x/sys/unix package
Same syscall interface, but the `x/sys/unix` package is not frozen.  No functional change from this commit.
2016-04-05 12:19:46 -07:00
Sean Chittenden dcde117bcb go fmt was here, no functional change 2016-04-05 12:18:45 -07:00
Sean Chittenden 087e7c94d3 Add Vault support for the *BSDs, including Darwin
The `syscall` package has been frozen in favor of `x/sys`.  As a result, all of the BSDs are supported and do have `mlockall(2)` support in current versions of Go.
2016-04-05 12:18:19 -07:00
Vishal Nayak afbef78f62 Merge pull request #1295 from hashicorp/acceptance-tests
Added AcceptanceTest boolean to logical.TestCase
2016-04-05 15:16:43 -04:00
vishalnayak 95abdebb06 Added AcceptanceTest boolean to logical.TestCase 2016-04-05 15:10:44 -04:00
Jeff Mitchell 348be0e50b Remove RevokePrefix from the API too as we simply do not support it any
longer.
2016-04-05 11:00:12 -04:00
Jeff Mitchell ebfc8c3fb1 Merge pull request #1293 from gliptak/patch-2
Correct typo in base64 parameters
2016-04-05 09:38:00 -04:00
Jeff Mitchell 9108ed7eca Merge pull request #1292 from gliptak/patch-1
Update transit read key output
2016-04-05 09:37:41 -04:00
Gábor Lipták ce2dd5d869 Correct typo in base64 parameters 2016-04-05 09:20:43 -04:00
Gábor Lipták a8edba907f Update transit read key output 2016-04-05 09:16:47 -04:00
Jeff Mitchell d72e462686 Merge pull request #1290 from steve-jansen/patch-2
Adds note on GH-1102 fix to secret/aws doc
2016-04-05 08:37:39 -04:00
Jeff Mitchell 38ecad683a Merge pull request #1289 from steve-jansen/patch-1
Fix typo in iam permission for STS
2016-04-05 08:37:12 -04:00
Mark Mickan a55124f0b6 Ensure authorized_keys file is readable when uninstalling an ssh key
Without this change, if the user running the ssh key install script doesn't
have read access to the authorized_keys file when uninstalling a key, all
keys will be deleted from the authorized_keys file.

Fixes GH #1285
2016-04-05 17:26:21 +09:30
Steve Jansen d2b3d924ca Adds note on GH-1102 fix to secret/aws doc
Add note related to #1102, which leads to a non-obvious AWS error message on 0.5.0 or earlier.
2016-04-04 21:30:41 -04:00
Steve Jansen 89c7f312e4 Fix typo in iam permission for STS 2016-04-04 21:20:26 -04:00
Jeff Mitchell 9102b994aa Sync some seal stuff 2016-04-04 13:46:33 -04:00
Jeff Mitchell afae46feb7 SealInterface 2016-04-04 10:44:22 -04:00
Jeff Mitchell b47d6dc64f changelog++ 2016-04-02 13:34:05 -04:00
Jeff Mitchell 7df3ec46b0 Some fixups around error/warning in LDAP 2016-04-02 13:33:00 -04:00
Jeff Mitchell 2e1b12112a Merge pull request #1283 from hashicorp/ldap-nogroupdn-warn
If no group DN is configured, still look for policies on local users and
2016-04-02 13:13:27 -04:00
Jeff Mitchell 40325b8042 If no group DN is configured, still look for policies on local users and
return a warning, rather than just trying to do an LDAP search on an
empty string.
2016-04-02 13:11:36 -04:00
Jeff Mitchell 1b7335cf4e Fix up the meta common options text function to not strip leading space and fix up commands 2016-04-01 16:50:12 -04:00
Jeff Mitchell b0888e8af1 Remove config from Meta; it's only used right now with the token helper. 2016-04-01 16:02:18 -04:00
Jeff Mitchell a137081241 Move token helper out of meta 2016-04-01 14:23:15 -04:00
Jeff Mitchell 133d9c1008 Move meta into its own package 2016-04-01 13:16:05 -04:00
Riley Guerin 5620e00f9c fix typo 2016-04-01 07:49:25 -07:00
Riley Guerin 0fac5b906e change github example team to admins
somewhat recently github has gone away from the previous model of an "owners" team 
https://help.github.com/articles/converting-your-previous-owners-team-to-the-improved-organization-permissions/

you can be an "Owner" of the org still but this does not map to vault as one *might* expect given these docs
2016-04-01 07:48:54 -07:00
Jeff Mitchell 18c8b6eba8 Update 0.6 upgrade info 2016-04-01 10:11:32 -04:00
Jeff Mitchell 121a5b37f2 Add revoke-prefix changelog/website info 2016-04-01 10:06:29 -04:00
Jeff Mitchell 7d20380c42 Merge pull request #1280 from hashicorp/remove-ts-revoke-prefix
Remove auth/token/revoke-prefix in favor of sys/revoke-prefix.
2016-04-01 09:48:52 -04:00
Jeff Mitchell 9a992f93f7 changelog++ 2016-03-31 20:17:30 -04:00
Jeff Mitchell 2b2541e13f Merge pull request #1277 from hashicorp/suprious-revoke-timer-logs
Keep the expiration manager from keeping old token entries.
2016-03-31 20:16:31 -04:00
Jeff Mitchell 2efaf5272c Documentation update 2016-03-31 18:07:43 -04:00
Jeff Mitchell 2fd02b8dca Remove auth/token/revoke-prefix in favor of sys/revoke-prefix. 2016-03-31 18:04:05 -04:00
Jeff Mitchell 7a6df4a8ab changelog++ 2016-03-31 17:43:44 -04:00
Vishal Nayak 86ba95e1b2 Merge pull request #1278 from hashicorp/ts-prefix-checkpath
Check for auth/ in the path of the prefix for revoke-prefix in the token
2016-03-31 16:41:18 -04:00
Jeff Mitchell 7442867d53 Check for auth/ in the path of the prefix for revoke-prefix in the token
store.
2016-03-31 16:21:56 -04:00
Jeff Mitchell 25b2320899 changelog++ 2016-03-31 15:38:21 -04:00
Jeff Mitchell 75650ec1ad Keep the expiration manager from keeping old token entries.
The expiration manager would never be poked to remove token entries upon
token revocation, if that revocation was initiated in the token store
itself. It might have been to avoid deadlock, since during revocation of
tokens the expiration manager is called, which then calls back into the
token store, and so on.

This adds a way to skip that last call back into the token store if we
know that we're on the revocation path because we're in the middle of
revoking a token. That way the lease is cleaned up. This both prevents
log entries appearing for already-revoked tokens, and it also releases
timer/memory resources since we're not keeping the leases around.
2016-03-31 15:10:25 -04:00
Jeff Mitchell 1915582a24 Merge pull request #1276 from hashicorp/token-roles-blank-policies
Two items:
2016-03-31 15:09:32 -04:00
Jeff Mitchell ddce1efd0d Two items:
1: Fix path check in core to handle renew paths from the token store
that aren't simply renew/
2: Use token policy logic if token store role policies are empty
2016-03-31 14:52:49 -04:00
Seth Vargo 36215ab5df Merge pull request #1275 from gdevos/patch-2
Update index.html.md
2016-03-31 14:35:06 +02:00
Gérard de Vos eadf2faf83 Update index.html.md
According to the source it is expecting a description. log_raw is one of the options.
2016-03-31 14:19:03 +02:00
Seth Vargo cdf6e5d1ee Merge pull request #1274 from gdevos/patch-1
Update index.html.md
2016-03-31 14:07:27 +02:00
Gérard de Vos 13763203b6 Update index.html.md
description -> log_raw
2016-03-31 14:06:19 +02:00